Information from the /etc/passwd and /etc/default/useradd files is used to assign an initial default audit mask for every user on the system. If either the /etc/passwd or /etc/default/useradd file does not exist or cannot be accessed, an error message is displayed (see ``Diagnostics''). The defadm command modifies the value of the AUDIT_MASK parameter in the /etc/default/useradd file. If the AUDIT_MASK parameter does not exist or has an invalid value, an event mask of none is set and a warning message is displayed (see ``Diagnostics'').
If the audit mask file, /etc/security/ia/audit cannot be created or already exists, an error message is displayed (see ``Diagnostics'').
When the auditcnv command is invoked and completes successfully, the following message is displayed:
/etc/security/ia/audit createdIf the /etc/security/ia/audit file is corrupted or accidentally removed, auditcnv should be invoked before any further users log in to the system. The audit mask for users who log in while this file is corrupted or nonexistent may not include the desired audit events.
usage: auditcnv
Invalid command syntax.
file
file does not exist
cannot access file
file
cannot create audit mask file
audit mask file already exists
The audit mask file already exists when auditcnv is invoked.
unable to stat()
file, errno="
errno"
a default audit mask of none was set for all users